A new United Nations inquiry into the reported theft of $281 million in crypto-assets from KuCoin, a major digital currency exchange, in September 2020 “strongly suggests” links to North Korea.
Industry participants claim that Seychelles-headquartered KuCoin could be the victim of one of the largest cryptocurrency heists ever.
A classified report by independent sanctions monitors to UN Security Council members stated that blockchain or DLT-based transactions related to the security breach and hack also seemed to link to another hack that took place October 2020 when $23 million in assets were reportedly stolen.
The independent sanctions monitors noted:
“Preliminary analysis, based on the attack vectors and subsequent efforts to launder the illicit proceeds, strongly suggests links to the DPRK (the formal name for the Democratic People’s Republic of Korea.]”
They’ve now alleged that Pyongyang has been using the stolen funds to support its controversial nuclear and ballistic missile programs and also to potentially bypass certain US-led political and economic sanctions.
Although the report hasn’t actually named the victim of the attacks, KuCoin had reported the theft of $281 million worth of Bitcoin and other digital tokens on September 25, 2020.
Frank van Weert, an analyst working with Whale Alert, a Netherlands-based group that regularly tracks large crypto transfers across different blockchains, concluded:
“This must be the KuCoin hack. There were no other significant hacks during that period.”
Industry analysts noted that the bad actors had been attempting to move the stolen funds via decentralized or non-custodial exchanges – which usually work by arranging person-to-person (or peer to peer) digital currency swaps – in order to circumvent centrally-controlled exchanges, many of which had been quick to identify the stolen assets as illicit.
The UN report added:
“According to sources familiar with both hacks, the attackers exploited ‘DeFi’ protocols — i.e., smart contracts that facilitate automated transactions.”
North Korea’s United Nations mission in New York had not responded in detail to the incident.
KuCoin’s management had said previously that it was able to recover over 80% of the virtual currency stolen back in September, because of the quick action taken by other large exchanges which flagged and froze the stolen funds as they moved through their systems.
North Korea has managed to generate around $2 billion using “widespread and increasingly sophisticated” cyberattacks, which has reportedly led to a large amount of funds being stolen from banks and digital currency exchanges, the monitors had revealed back in 2019.
In the most recent report, reviewed by Reuters on Monday, they claimed that the North Korea-associated hackers kept going after established financial institutions and digital currency platforms last year.
The report further noted:
“According to one member state, the DPRK total theft of virtual assets, from 2019 to November 2020 [was around $316.4 million].”
North Korea has been dealing with crippling UN sanctions since the past 15 years. These US-led sanctions have been further strengthened by the 15-member Security Council during these years.
The recent report by the U.N. sanctions monitors pointed out that “a clear trend in 2020 was that the DPRK cyber actors have been conducting attacks against defense industries around the globe.”
KuCoin CEO Lyu has also noted that the exchange had found who the hackers might have been, however, he claims that at the request of law enforcement agencies, they will only be making their identity publicly-known after “the case is closed.” Lyu has also stated that the hunt for the attackers is still ongoing.